From 56d62cfd264357832fb8349c2a7be159efc4715e Mon Sep 17 00:00:00 2001
From: Pawel Andruszkiewicz <p.andruszkie@samsung.com>
Date: Thu, 30 Apr 2015 12:46:21 +0200
Subject: [PATCH] [Account] Privilege checks moved to JS.

Privileges need to be check before validation of arguments.

Change-Id: I145568782afcce0e25e6abd4227821be66f1a51f
---
 src/account/account_api.js      | 22 ++++++++++++++++++++++
 src/account/account_instance.cc | 29 -----------------------------
 2 files changed, 22 insertions(+), 29 deletions(-)

diff --git a/src/account/account_api.js b/src/account/account_api.js
index 00aeee9..910131a 100644
--- a/src/account/account_api.js
+++ b/src/account/account_api.js
@@ -68,6 +68,8 @@ function Account() {
 
 
 Account.prototype.setExtendedData = function() {
+    xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.ACCOUNT_WRITE);
+
     var args = validator_.validateArgs(arguments, [
         { name: 'key', type: types_.STRING },
         { name: 'value', type: types_.STRING }
@@ -88,6 +90,8 @@ Account.prototype.setExtendedData = function() {
 
 
 Account.prototype.getExtendedData = function() {
+    xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.ACCOUNT_READ);
+
     if (T_.isFunction(arguments[0]) || arguments.length > 1) {
         var args = validator_.validateArgs(arguments, [
             {
@@ -150,6 +154,8 @@ function AccountManager() {}
 
 
 AccountManager.prototype.add = function() {
+    xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.ACCOUNT_WRITE);
+
     var args = validator_.validateArgs(arguments, [
         { name: 'account', type: types_.PLATFORM_OBJECT, values: Account }
     ]);
@@ -171,6 +177,8 @@ AccountManager.prototype.add = function() {
 
 
 AccountManager.prototype.remove = function() {
+    xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.ACCOUNT_WRITE);
+
     var args = validator_.validateArgs(arguments, [
         { name: 'accountId', type: types_.UNSIGNED_LONG}
     ]);
@@ -184,6 +192,8 @@ AccountManager.prototype.remove = function() {
 
 
 AccountManager.prototype.update = function() {
+    xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.ACCOUNT_WRITE);
+
     var args = validator_.validateArgs(arguments, [
         { name: 'account', type: types_.PLATFORM_OBJECT, values: Account }
     ]);
@@ -203,6 +213,8 @@ AccountManager.prototype.update = function() {
 
 
 AccountManager.prototype.getAccount = function() {
+    xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.ACCOUNT_READ);
+
     var args = validator_.validateArgs(arguments, [
         { name: 'accountId', type: types_.UNSIGNED_LONG }
     ]);
@@ -227,6 +239,8 @@ AccountManager.prototype.getAccount = function() {
 
 
 AccountManager.prototype.getAccounts = function() {
+    xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.ACCOUNT_READ);
+
     var args = validator_.validateArgs(arguments, [
         { name: 'successCallback', type: types_.FUNCTION, optional: false, nullable: false },
         { name: 'errorCallback', type: types_.FUNCTION, optional: true, nullable: true },
@@ -258,6 +272,8 @@ AccountManager.prototype.getAccounts = function() {
 
 
 AccountManager.prototype.getProvider = function() {
+    xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.ACCOUNT_READ);
+
     var args = validator_.validateArgs(arguments, [
         { name: 'applicationId', type: types_.STRING }
     ]);
@@ -282,6 +298,8 @@ AccountManager.prototype.getProvider = function() {
 
 
 AccountManager.prototype.getProviders = function() {
+    xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.ACCOUNT_READ);
+
     var args = validator_.validateArgs(arguments, [
         { name: 'successCallback', type: types_.FUNCTION, optional: false, nullable: false },
         { name: 'errorCallback', type: types_.FUNCTION, optional: true, nullable: true },
@@ -391,6 +409,8 @@ var _accountListeners = new AccountListeners();
 
 
 AccountManager.prototype.addAccountListener = function() {
+    xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.ACCOUNT_READ);
+
     var args = validator_.validateArgs(arguments, [
         { name: 'callback', type: types_.LISTENER, values: ['onadded', 'onremoved', 'onupdated'] }
     ]);
@@ -400,6 +420,8 @@ AccountManager.prototype.addAccountListener = function() {
 
 
 AccountManager.prototype.removeAccountListener = function() {
+    xwalk.utils.checkPrivilegeAccess(xwalk.utils.privilege.ACCOUNT_READ);
+
     var args = validator_.validateArgs(arguments, [
         { name: 'accountListenerId', type: types_.UNSIGNED_LONG }
     ]);
diff --git a/src/account/account_instance.cc b/src/account/account_instance.cc
index 01dadbe..954d112 100644
--- a/src/account/account_instance.cc
+++ b/src/account/account_instance.cc
@@ -21,14 +21,6 @@ using common::TypeMismatchException;
 using common::UnknownException;
 using common::SecurityException;
 
-namespace {
-// The privileges that required in Account API
-const std::string kPrivilegeAccountRead =
-    "http://tizen.org/privilege/account.read";
-const std::string kPrivilegeAccountWrite =
-    "http://tizen.org/privilege/account.write";
-} // namespace
-
 #define CHECK_EXIST(args, name, out) \
     if (!args.contains(name)) {\
       ReportError(TypeMismatchException(name" is required argument"), out);\
@@ -81,8 +73,6 @@ void AccountInstance::AccountSetExtendedData(const picojson::value& args,
                                              picojson::object& out) {
   LoggerD("Enter");
 
-  CHECK_PRIVILEGE_ACCESS(kPrivilegeAccountWrite, &out);
-
   CHECK_EXIST(args, "key", out)
   CHECK_EXIST(args, "value", out)
   CHECK_EXIST(args, "accountId", out)
@@ -98,8 +88,6 @@ void AccountInstance::AccountGetExtendedData(const picojson::value& args,
                                              picojson::object& out) {
   LoggerD("Enter");
 
-  CHECK_PRIVILEGE_ACCESS(kPrivilegeAccountRead, &out);
-
   CHECK_EXIST(args, "accountId", out)
   CHECK_EXIST(args, "callbackId", out)
 
@@ -127,8 +115,6 @@ void AccountInstance::AccountGetExtendedDataSync(const picojson::value& args,
                                                  picojson::object& out) {
   LoggerD("Enter");
 
-  CHECK_PRIVILEGE_ACCESS(kPrivilegeAccountRead, &out);
-
   CHECK_EXIST(args, "key", out)
   CHECK_EXIST(args, "accountId", out)
 
@@ -140,21 +126,18 @@ void AccountInstance::AccountGetExtendedDataSync(const picojson::value& args,
 
 void AccountInstance::AccountManagerAdd(const picojson::value& args, picojson::object& out) {
   LoggerD("Enter");
-  CHECK_PRIVILEGE_ACCESS(kPrivilegeAccountWrite, &out);
   manager_->AddAccount(args, out);
 }
 
 void AccountInstance::AccountManagerRemove(const picojson::value& args,
                                            picojson::object& out) {
   LoggerD("Enter");
-  CHECK_PRIVILEGE_ACCESS(kPrivilegeAccountWrite, &out);
   manager_->RemoveAccount(args, out);
 }
 
 void AccountInstance::AccountManagerUpdate(const picojson::value& args,
                                            picojson::object& out) {
   LoggerD("Enter");
-  CHECK_PRIVILEGE_ACCESS(kPrivilegeAccountWrite, &out);
   manager_->UpdateAccount(args, out);
 }
 
@@ -162,8 +145,6 @@ void AccountInstance::AccountManagerGetAccount(const picojson::value& args,
                                                picojson::object& out) {
   LoggerD("Enter");
 
-  CHECK_PRIVILEGE_ACCESS(kPrivilegeAccountRead, &out);
-
   CHECK_EXIST(args, "accountId", out)
 
   int account_id = static_cast<int>(args.get("accountId").get<double>());
@@ -175,8 +156,6 @@ void AccountInstance::AccountManagerGetAccounts(const picojson::value& args,
                                                 picojson::object& out) {
   LoggerD("Enter");
 
-  CHECK_PRIVILEGE_ACCESS(kPrivilegeAccountRead, &out);
-
   CHECK_EXIST(args, "callbackId", out)
   int callback_id = static_cast<int>(args.get("callbackId").get<double>());
 
@@ -204,8 +183,6 @@ void AccountInstance::AccountManagerGetProvider(const picojson::value& args,
                                                 picojson::object& out) {
   LoggerD("Enter");
 
-  CHECK_PRIVILEGE_ACCESS(kPrivilegeAccountRead, &out);
-
   std::string application_id = args.get("applicationId").get<std::string>();
   LoggerD("application_id [%s]", application_id.c_str());
 
@@ -216,8 +193,6 @@ void AccountInstance::AccountManagerGetProviders(const picojson::value& args,
                                                  picojson::object& out) {
   LoggerD("Enter");
 
-  CHECK_PRIVILEGE_ACCESS(kPrivilegeAccountRead, &out);
-
   CHECK_EXIST(args, "callbackId", out)
   int callback_id = static_cast<int>(args.get("callbackId").get<double>());
 
@@ -289,8 +264,6 @@ void AccountInstance::AccountManagerAddAccountListener(
     const picojson::value& args, picojson::object& out) {
   LoggerD("Enter");
 
-  CHECK_PRIVILEGE_ACCESS(kPrivilegeAccountRead, &out);
-
   int ret = 0;
   if (!subscribe_) {
     LoggerD("Creating subscription");
@@ -319,8 +292,6 @@ void AccountInstance::AccountManagerRemoveAccountListener(
     const picojson::value& args, picojson::object& out) {
   LoggerD("Enter");
 
-  CHECK_PRIVILEGE_ACCESS(kPrivilegeAccountRead, &out);
-
   if (subscribe_) {
     LoggerD("Removing subscription");
 
-- 
2.7.4